Features

net.wars: Hadrian's Firewall

We may joke about the "Great Firewall of China", but by the end of 2007 content blocking will be a fact of Internet life in the UK.

In June, Vernon Coaker, Parliamentary Under-Secretary for the Home Department told Parliament: "I have recently set the UK Internet industry a target to ensure that by the end of 2007 all Internet service providers offering broadband Internet connectivity to the UK public prevent their customers from accesssing those Web sites." By "those", he means Web sites carrying pornographic images of children.

Coaker went on to say that by the end of 2006 he expects 90 percent of ISPs to have blocked "access to sites abroad", and that, "We believe that working with the industry offers us the best way forward, but we will keep that under review if it looks likely that the targets will not be met."

The two logical next questions: "How?" And "How much?"

Like a lot of places, the UK has two major kinds of broadband access: cable and DSL. DSL is predominantly provided by BT, either retail directly to customers or wholesale to smallerISPs. Since 2004, BT's retail service has been filtered by its Cleanfeed system, which last February the company reported was blocking about 35,000 attempts to access child pornography sites per day.

The list of sites to block comes from the Internet Watch Foundation, which compiles it from reports submitted by the public. ISPs pay IWF £5,000 a year to be supplied with the list - insignificant to a company like BT but not necessarily to a smaller one.

But the raw cost of the IWF list is insignificant compared to the cost of re-engineering a network to do content blocking.

How much will it cost for the entire industry?

Malcolm Hutty, head of public affairs at LINX, says he can't even begin to come up with a number. BT, he thinks, spent something like £1 million in creating and deploying Cleanfeed - half on original research and development, half on deployment. Most of the first half of that would not now be necessary for an ISP trying to decide how to proceed, since a lot more is known now than back in 2003.

For one thing, although it might seem logical that Cleanfeed would be available to any DSL provider reselling BT's wholesale product, that's not the case.

"You can be buying all sorts of different products to be able to provide DSL service," he says. A DSL provider might simply rebrand BT's own service ? or it might only be paying BT to use the line from your home to the exchange. "You have to be pretty close to the first extreme before BT Cleanfeed can work for you."

So adopting Cleanfeed might mean re-engineering your entire product.

In the cable business, things are a bit different. There, an operator like NTL or Telewest (or "Virgin" as we will have to get used to calling it) owns the entire network, including the fibre to each home. If you're a cable company that implemented proxy caching in the days when bandwidth was expensive and caching was fashionable, the technology you built then will make it cheap to do content blocking. According to Hutty, NTL is in this category ? but its subsidiary Telewest and DSL businesses are not.

So the expense to a particular operator varies for all sorts of reasons: the complexity of the network, how it was built, what technologies it's built on. This mandate, therefore, has no information behind it as to how much it might cost, or the impact it might have on an industry that other sectors of government regard as vital for Britain's economic future.

The "How?" question is just as complicated.

Cleanfeed itself is insecure (PDF), as Cambridge researcher Richard Clayton has recently discovered. Cleanfeed was intended to improve on previous blocking technologies by being both accurate and inexpensive. However, Clayton has found that not only can the system be circumvented but it also can be used as an "oracle to efficiently locate illegal websites".

Content blocking is going to be like every other security system: it must be constantly monitored and updated as new information and attacks becomes known or are developed. You cannot, as Clayton says, "fit and forget".

The other problem in all this is the role of the IWF.

It was set up in 1996 as a way for the industry to regulate itself; the meeting where it was proposed came after threats of external regulation. If all ISPs are required to implement content blocking, and all content blocking is based on the IWF's list, the IWF will have considerable power to decide what content should be blocked.

So far, the IWF has done a respectable job of sticking to clearly illegal pornography involving children. But its ten years have been marked by occasional suggestions that it should broaden its remit to include hate speech and even copyright infringement. Proposals are circulating now that the organisation should become an independent regulator rather than an industry-owned self-regulator.

If IWF is not accountable to the industry it regulates; if it's not governed by Parliamentary legislation; if it's not elected?.then we will have handed control of the British Internet over to a small group of people with no accountability and no transparency. That sounds... almost Chinese, doesn't it?